VIRTUAL DESKTOP STRATEGIES
Sophos | November 22, 2022
Sophos, a global leader in innovating and delivering cybersecurity as a service, today introduced new Sophos Firewall capabilities to better meet the complex and demanding needs of distributed and enterprise edge computing. Sophos Firewall now delivers performance enhancements that accelerate encrypted traffic inspection, dynamic traffic routing for Internet Protocol version 6 (IPv6), added resiliency with software-defined wide area network (SD-WAN) load balancing and high-availability enhancements, and seamless integration with Microsoft Azure Active Directory.
“One of the key benefits of the Xstream architecture and Flow Processors is that they are programmable. This means that while other firewalls get slower over time, we can increase performance, even when we add new features and capabilities, Our design ensures customers’ investment in Sophos Firewall is future-proofed and enables seamless transition to a cloud-enabled world. SD-WAN and Secure Access Service Edge (SASE) demand a more efficient platform, which is not only resilient but also makes day-to-day management easier and faster than ever.”
Daniel Cole, vice president of network security product management at Sophos
The effective and reliable assessment of network traffic is critical in protecting against threat actors, as evidenced in Sophos’ 2023 Threat Report that published today. Distributed offices, remote workforces, cloud workloads, custom-built legacy apps, and a growing reliance on global software-as-a-service providers create a configuration and risk management headache for network security managers.
Sophos Firewall now provides the performance, protection and resiliency that distributed enterprises require, while simplifying the management of complex networks. Benefits include:
Advanced performance and protection: A new high-performance dynamic routing engine and Xstream Transport Layer Security (TLS) FastPath acceleration improves encrypted traffic inspection while also adding headroom for traffic that requires deep-packet inspection; the asymmetric cryptographic capabilities within Xstream Flow Processors – included in every XGS Series appliance – enable TLS inspection on even the most demanding networks
Added resiliency and peace of mind: New SD-WAN load balancing for performance and reliability in the event of an internet service providers’ (ISP) outage along with enhancements to high-availability clusters ensure maximum business continuity and uptime for mission critical networks
Improved ease of management: Managing network security is easier than ever with new Microsoft Azure Active Directory integration for seamless administrator single sign-on and new host and service object search
Sophos Firewall integrates with Sophos ZTNA (zero trust network access) under one unified management plane and is a key pillar of Sophos’ SASE strategy, providing a more simplified, scalable and secure solution over traditional remote-access virtual private networks (VPN). The network solution is also part of the Sophos Adaptive Cybersecurity Ecosystem, which integrates Sophos’ entire portfolio of products, services and Sophos X-Ops threat intelligence for faster and more contextual and synchronized detection, protection and response.
Sophos Firewall is available for immediate purchase exclusively through Sophos’ global channel of partners and Managed Service Providers (MSPs). It is easily managed in the cloud-native Sophos Central platform alongside other solutions, where users can oversee installations, respond to alerts and track licenses and upcoming renewal dates via a single, intuitive interface, or by Sophos Managed Detection and Response (MDR).
What Analysts, Channel Partners and Customers Say
“With their latest firewall release, Sophos has leveraged the flexibility of their Xstream architecture to deliver improvements in performance for VPN throughput and more efficient handling of TLS encrypted traffic, which is vitally important in today’s encrypted world,” said Christopher Rodriguez, research director of IDC’s Security & Trust practice. “They’ve also completed the build-out of their networking feature set to provide an integrated SD-WAN solution. Combined with other recent enhancements to their secure access portfolio like ZTNA as a Service, they’re positioning to provide the features and capabilities that larger distributed enterprise organizations demand, while also building out a SASE strategy that will appeal to organizations of all sizes.”
“As a multinational technology consulting firm that’s relied on Sophos Firewall since it was first incepted, Seidor Networks intimately knows the offering is a must-have solution for protecting against malware and other unwanted network traffic,” said Sean Hancock, ISP manager at Seidor Networks. “Sophos is continuously innovating and adding new features that are industry best. This new version of Sophos Firewall raises the bar even higher with unrivaled network protection and performance; and when you pair Sophos Firewall with Sophos XDR, the results are truly next level as endpoints and firewalls share real-time threat intelligence for further improved network visibility and lateral movement control.”
“The new Sophos Firewall software has multiple advantages for all of our customers,” said Marc Hurrelmann, chief executive officer at Midland IT. “Many of the features added have been designed to address the challenges that larger organizations are facing with implementing SD-WAN, optimizing performance, scaling their network, improving resiliency and up-time, and enhancing management efficiency. Smaller organizations will benefit from all the added value packed into Sophos Firewall with better performance, protection, networking, and management.”
Sophos is a worldwide leader and innovator of advanced cybersecurity solutions, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies that help organizations defeat cyberattacks. As one of the largest pure-play cybersecurity providers, Sophos defends more than 500,000 organizations and more than 100 million users globally from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through its cloud-based Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully-managed, turnkey security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K.
VMware | September 22, 2022
VMware, Inc. announced it has been positioned by Gartner, Inc. as a Leader in the 2022 Gartner Magic Quadrant for SD-WAN. Gartner recognized VMware for its ability to execute and completeness of vision. Previously known as the Gartner Magic Quadrant for WAN Edge Infrastructure, this year’s report marks the fifth consecutive year that Gartner has recognized VMware as a Leader in SD-WAN.
Architected with the idea that the cloud is the network, VMware SD-WAN provides unparalleled reliability and simplicity in securely connecting users from the branch or home to cloud, SaaS, or traditional applications. These benefits stem in part from VMware and its partners investment in more than 150 points of presence worldwide that have high-speed, low-latency connections to major cloud and SaaS providers.
“VMware is honored to be recognized again by Gartner as a Leader in SD-WAN, We feel our extensive deployments of more than 600,000 branches across 18,000 customers have given us the ability to continually adapt to the evolving needs of SD-WAN customers. The unique insights gleaned from what enterprises need near- and long-term are a big reason why, we believe, we continue to be a leader in SD-WAN.”
Craig Conners, general manager, SASE, VMware
VMware SD-WAN is a part of VMware SASE. By delivering cloud networking and cloud security services with VMware SASE, customers can achieve:
With a cloud-first approach, VMware SD-WAN delivers a more secure, reliable, and optimal path to SaaS and IaaS providers via a unique global network of cloud-hosted gateways, allowing customers to simplify their path to cloud transformation. VMware provides customers and partners the option to host gateways themselves as well to take advantage of their own SaaS and IaaS on-ramps in a more efficient way than other SD-WAN providers.
Broad security options including an ICSA-certified branch firewall, third-party security workloads, and configurable business policies that direct traffic to the cloud or data center for better protection against attacks at all levels. Additionally, VMware provides Security Service Edge (SSE) capabilities to help customers better secure access to all web and cloud services as well as locally hosted applications.
Assured application performance with user access and an optimized experience for mission-critical apps, even during degraded network conditions.
Simplified operations that include cloud-based gateways and an orchestration platform to eliminate the management overhead normally required to maintain these components. Additionally, VMware Edge Network Intelligence provides true visibility and analytics into networks, end user and IoT devices. AIOps capabilities combine machine learning, AI, big data, and self-healing technologies to help network operations teams further simplify IT management.
Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
This document was renamed from Magic Quadrant of WAN Edge Infrastructure to Magic Quadrant for SD-WAN in 2022.
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.
HashiCorp | October 10, 2022
HashiCorp, Inc. a leading provider of multi-cloud infrastructure automation software, today announced the general availability of HashiCorp Cloud Platform (HCP) Boundary, a secure remote access product. With this release, Boundary joins HCP Vault and HCP Consul to provide the industry’s first zero trust security solution to secure applications, networks, and people built for the cloud.
As organizations move to the cloud and adopt cloud operating models, they require a different approach to security — commonly referred to as zero trust security — where the default security posture is to trust nothing, authenticate and authorize everything. But the gap between legacy security postures and the accelerated move to the cloud is contributing to a significant increase in security breaches. According to the HashiCorp State of Cloud Strategy Survey, 89% of respondents believe security is the number one determining factor for cloud success, which is driving organizations to adopt zero trust security postures.
HashiCorp’s approach to zero trust security focuses on using identity to secure applications, networks, and people across multiple clouds, on-premises, and hybrid environments, which reduces the attack surface and automates complex security workflows. This ensures people, machines, and services are authenticated, every action is authorized, and data is protected.
“As organizations continue to expand their cloud estates, they must shift their security strategies to keep up with the growth and complexity of applications, network components, and cloud-based systems, At HashiCorp, we have always believed that identity is the foundation for zero trust security for applications, networks, and users. With HCP Boundary, companies now have a modern solution for privileged access management, securing access in dynamic, ephemeral environments for their workforce. We think we’ve reached an important milestone for our customers by delivering a security solution built for today’s threat and infrastructure landscape.”
Armon Dadgar, co-founder and CTO, HashiCorp
As organizations move out of traditional datacenters and into multiple clouds, hybrid, and edge environments, securing their infrastructure becomes more complex at scale. The HashiCorp zero trust solution covers all three of these aspects:
Applications: HashiCorp Vault provides a consistent way to manage application identity by integrating many platforms and identity providers. Vault enables fine-grained access control and authorization between applications and databases, including dynamically rotating credentials, PKI certificates, and API tokens, while also ensuring application data is always secure in transit and at rest.
Networks: HashiCorp Consul secures network traffic between applications and services, enabling fine-grained access control policies, observability, and traffic shaping. Consul integrates with Vault’s identity platform to leverage application identity for the policies and to allow dynamic PKI.
People: HashiCorp Boundary ensures the right people have access to the right systems and cloud services while removing the need to distribute and issue credentials, expose private networks, or manage static credentials. Boundary integrates with Vault to issue just-in-time credentials and ensure ephemeral access to critical systems.
General Availability of HCP Boundary
HCP Boundary provides a secure remote access solution for a cloud operating model, offering improvements over existing software-defined perimeter (SDP) solutions, like VPNs, and privileged access management (PAM) solutions that are IP-driven and highly manual. With HCP Boundary, teams gain fine-grained authentication and authorization controls, rapid user onboarding, and automated workflows for target discovery and credential management for ephemeral resources. As a cloud-based service, HCP Boundary benefits organizations struggling with security as they transition to the cloud, driven by people and skills shortages.
HCP Boundary allows teams and users to access the critical systems they need while abstracting the session connection, establishment, credential issuance, and revocation. Boundary provides operations and security teams the ability to dynamically pull in cloud service catalogs and on-premises resources and map out policies to which systems, users, and groups should have access. To do this Boundary leverages Vault to provide passwordless connections, and after each use revokes the credentials. This helps ensure critical information like credentials, networks, and resources are never exposed to the user or outside actors.
In addition to core secure remote access capabilities, Boundary also offers:
Identity platform integration with Microsoft Azure Active Directory and Okta, along with many other identity platforms that support OpenID Connect to onboard trusted identities and delegate authentication
Role-based access control (RBAC) to provide broad or fine-grained access to people throughout your organization
Passwordless authentication for seamless integration with dynamic secrets and Vault
Automated service discovery for streamlined discovery and configuration of targets. Dynamic host catalogs are currently available with Microsoft Azure and AWS, as well as direct HashiCorp Terraform integration to pull in resources under management
Session visibility and logging to get insights into session metrics, events, logs, and traces with the ability to export data to business intelligence and event monitoring tools
HashiCorp is a leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows and create a system of record for automating the cloud: infrastructure provisioning, security, networking, and application deployment. HashiCorp’s portfolio of products includes Vagrant™, Packer™, Terraform®, Vault™, Consul®, Nomad™, Boundary™, and Waypoint™. HashiCorp offers products as open source, enterprise, and as managed cloud services. The company is headquartered in San Francisco, though most of HashiCorp employees work remotely, strategically distributed around the globe.